
We are trying to use SSLContextParameters in Camel 2.22.0 with Tomcat for https4 requests.

Our goal is to use only one keystore for private/public keys with multiple aliases. We load the Spring sslContextParameters while Camel is loading, and we want to use only the alias when we define an https4 endpoint, without defining a new sslContextParameters for each endpoint in our routes (~50 routes).

<camel:sslContextParameters id="sslAPPContextParameters"
        xmlns="http://camel.apache.org/schema/spring" >
        <camel:trustManagers>
            <camel:keyStore password="${truststore.jks.file.password}"
                resource="${truststore.jks.file.location}" />
        </camel:trustManagers>
        <camel:keyManagers>
            <camel:keyStore password="${keystore.jks.file.password}"
                resource="${keystore.jks.file.location}" />
        </camel:keyManagers>
    </camel:sslContextParameters>
</beans>

Is it possible? I found "sslContextParameters/@certAlias" but it seems to need a new sslContextParameters definition to use it, which is not what I need due to our huge number of Camel routes.

Thanks in advance.

Florian B.
  • Ah okay, so you have many different certificates in the same keystore, and you want to specify which certificate more easily from each http endpoint? If so then maybe we can take a look and see if we can do something in Camel to support this. – Claus Ibsen Aug 06 '18 at 10:20
  • That's it, I want to limit the number of keystores (with public/private keys) and truststores (for public certificates) and would like to initialise the sslContextParameters only one time and choose my keystore alias depending on the endpoint I need to request. I know it exists in webMethods and I would like to implement this in our Camel project. OR, if we can't use the same SSLContextParameters more than once, define a new SSLContextParameters - which references the first - with an alias. Thanks in advance. – Florian B. Aug 07 '18 at 11:51
  • Ah thanks, you are welcome to log a JIRA ticket at Apache Camel: http://camel.apache.org/support.html – Claus Ibsen Aug 07 '18 at 13:47
  • Hi Claus, I just logged a Jira ticket (in French, sorry): https://issues.apache.org/jira/browse/CAMEL-12719 – Florian B. Aug 09 '18 at 09:10

1 Answer


As far as I know:

  1. There is one (and only one) cert alias per sslContextParameters instance
  2. The HTTP4 component supports only one instance of SSLContextParameters per component (clearly explained in http://camel.apache.org/http4.html)

This means that your Camel routes are sharing the same SSL conf, and it would therefore not be a good idea to override the cert alias in multiple places (and with a different value).

I'm afraid the only solution is to define N variants of the HTTP component accompanied by its corresponding SSL conf:

<bean id="httpX" class="org.apache.camel.component.http4.HttpComponent">
   <property name="sslContextParameters" ref="sslContextParams1"/>
</bean>

<bean id="httpY" class="org.apache.camel.component.http4.HttpComponent">
   <property name="sslContextParameters" ref="sslContextParams2"/>
</bean>

and later use the appropriate one in your https endpoints.

TacheDeChoco
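The per-component approach from the answer, wired end to end as an added example (not code from the question, the answer, or the Camel project): both sslContextParameters point at the same keystore and truststore and differ only in certAlias. The bean ids, alias names, hosts and route ids are hypothetical, and the fragment assumes it sits inside the existing `<beans>` document with the `camel` prefix bound as in the question.

```xml
<!-- Added example. Same keystore/truststore files for both; only certAlias differs. -->
<!-- Alias names are hypothetical and must match entries in the keystore. -->
<camel:sslContextParameters id="sslContextParams1" certAlias="partner-a-client">
    <camel:trustManagers>
        <camel:keyStore password="${truststore.jks.file.password}"
            resource="${truststore.jks.file.location}" />
    </camel:trustManagers>
    <camel:keyManagers>
        <camel:keyStore password="${keystore.jks.file.password}"
            resource="${keystore.jks.file.location}" />
    </camel:keyManagers>
</camel:sslContextParameters>

<camel:sslContextParameters id="sslContextParams2" certAlias="partner-b-client">
    <camel:trustManagers>
        <camel:keyStore password="${truststore.jks.file.password}"
            resource="${truststore.jks.file.location}" />
    </camel:trustManagers>
    <camel:keyManagers>
        <camel:keyStore password="${keystore.jks.file.password}"
            resource="${keystore.jks.file.location}" />
    </camel:keyManagers>
</camel:sslContextParameters>

<!-- One HTTP4 component per alias; the bean id becomes the endpoint scheme. -->
<bean id="httpsPartnerA" class="org.apache.camel.component.http4.HttpComponent">
    <property name="sslContextParameters" ref="sslContextParams1" />
</bean>
<bean id="httpsPartnerB" class="org.apache.camel.component.http4.HttpComponent">
    <property name="sslContextParameters" ref="sslContextParams2" />
</bean>

<camel:camelContext>
    <!-- Each route picks its client certificate by choosing the component scheme. -->
    <camel:route id="callPartnerA">
        <camel:from uri="direct:partnerA" />
        <camel:to uri="httpsPartnerA://partner-a.example.invalid/api" />
    </camel:route>
    <camel:route id="callPartnerB">
        <camel:from uri="direct:partnerB" />
        <camel:to uri="httpsPartnerB://partner-b.example.invalid/api" />
    </camel:route>
</camel:camelContext>
```

With ~50 routes this needs one component bean per distinct alias, not per route, so routes that present the same client certificate share a scheme.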